Created
December 12, 2023 13:32
-
-
Save Zheaoli/12cecde07512f7cae9ba6f82ca10ad90 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"ociVersion":"1.1.0-rc.1", | |
"process":{ | |
"user":{ | |
"uid":0, | |
"gid":0, | |
"additionalGids":[ | |
0, | |
1, | |
2, | |
3, | |
4, | |
6, | |
10, | |
11, | |
20, | |
26, | |
27 | |
] | |
}, | |
"args":[ | |
"/docker-entrypoint.sh", | |
"nginx", | |
"-g", | |
"daemon off;" | |
], | |
"env":[ | |
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", | |
"NGINX_VERSION=1.25.3", | |
"PKG_RELEASE=1", | |
"NJS_VERSION=0.8.2" | |
], | |
"cwd":"/", | |
"capabilities":{ | |
"bounding":[ | |
"CAP_CHOWN", | |
"CAP_DAC_OVERRIDE", | |
"CAP_FSETID", | |
"CAP_FOWNER", | |
"CAP_MKNOD", | |
"CAP_NET_RAW", | |
"CAP_SETGID", | |
"CAP_SETUID", | |
"CAP_SETFCAP", | |
"CAP_SETPCAP", | |
"CAP_NET_BIND_SERVICE", | |
"CAP_SYS_CHROOT", | |
"CAP_KILL", | |
"CAP_AUDIT_WRITE" | |
], | |
"effective":[ | |
"CAP_CHOWN", | |
"CAP_DAC_OVERRIDE", | |
"CAP_FSETID", | |
"CAP_FOWNER", | |
"CAP_MKNOD", | |
"CAP_NET_RAW", | |
"CAP_SETGID", | |
"CAP_SETUID", | |
"CAP_SETFCAP", | |
"CAP_SETPCAP", | |
"CAP_NET_BIND_SERVICE", | |
"CAP_SYS_CHROOT", | |
"CAP_KILL", | |
"CAP_AUDIT_WRITE" | |
], | |
"permitted":[ | |
"CAP_CHOWN", | |
"CAP_DAC_OVERRIDE", | |
"CAP_FSETID", | |
"CAP_FOWNER", | |
"CAP_MKNOD", | |
"CAP_NET_RAW", | |
"CAP_SETGID", | |
"CAP_SETUID", | |
"CAP_SETFCAP", | |
"CAP_SETPCAP", | |
"CAP_NET_BIND_SERVICE", | |
"CAP_SYS_CHROOT", | |
"CAP_KILL", | |
"CAP_AUDIT_WRITE" | |
] | |
}, | |
"rlimits":[ | |
{ | |
"type":"RLIMIT_NOFILE", | |
"hard":1024, | |
"soft":1024 | |
} | |
], | |
"noNewPrivileges":true | |
}, | |
"root":{ | |
"path":"rootfs" | |
}, | |
"mounts":[ | |
{ | |
"destination":"/proc", | |
"type":"proc", | |
"source":"proc", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"nodev" | |
] | |
}, | |
{ | |
"destination":"/dev", | |
"type":"tmpfs", | |
"source":"tmpfs", | |
"options":[ | |
"nosuid", | |
"strictatime", | |
"mode=755", | |
"size=65536k" | |
] | |
}, | |
{ | |
"destination":"/dev/pts", | |
"type":"devpts", | |
"source":"devpts", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"newinstance", | |
"ptmxmode=0666", | |
"mode=0620", | |
"gid=5" | |
] | |
}, | |
{ | |
"destination":"/dev/shm", | |
"type":"tmpfs", | |
"source":"shm", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"nodev", | |
"mode=1777", | |
"size=65536k" | |
] | |
}, | |
{ | |
"destination":"/dev/mqueue", | |
"type":"mqueue", | |
"source":"mqueue", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"nodev" | |
] | |
}, | |
{ | |
"destination":"/sys", | |
"type":"sysfs", | |
"source":"sysfs", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"nodev", | |
"ro" | |
] | |
}, | |
{ | |
"destination":"/run", | |
"type":"tmpfs", | |
"source":"tmpfs", | |
"options":[ | |
"nosuid", | |
"strictatime", | |
"mode=755", | |
"size=65536k" | |
] | |
} | |
], | |
"linux":{ | |
"resources":{ | |
"devices":[ | |
{ | |
"allow":false, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":3, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":8, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":7, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":5, | |
"minor":0, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":5, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":9, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":5, | |
"minor":1, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":136, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":5, | |
"minor":2, | |
"access":"rwm" | |
} | |
] | |
}, | |
"cgroupsPath":"/default/nginx", | |
"namespaces":[ | |
{ | |
"type":"pid" | |
}, | |
{ | |
"type":"ipc" | |
}, | |
{ | |
"type":"uts" | |
}, | |
{ | |
"type":"mount" | |
}, | |
{ | |
"type":"network" | |
} | |
], | |
"maskedPaths":[ | |
"/proc/acpi", | |
"/proc/asound", | |
"/proc/kcore", | |
"/proc/keys", | |
"/proc/latency_stats", | |
"/proc/timer_list", | |
"/proc/timer_stats", | |
"/proc/sched_debug", | |
"/sys/firmware", | |
"/sys/devices/virtual/powercap", | |
"/proc/scsi" | |
], | |
"readonlyPaths":[ | |
"/proc/bus", | |
"/proc/fs", | |
"/proc/irq", | |
"/proc/sys", | |
"/proc/sysrq-trigger" | |
] | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"ociVersion":"1.1.0-rc.2", | |
"process":{ | |
"user":{ | |
"uid":0, | |
"gid":0, | |
"additionalGids":[ | |
0, | |
0, | |
1, | |
2, | |
3, | |
4, | |
6, | |
10, | |
11, | |
20, | |
26, | |
27 | |
] | |
}, | |
"args":[ | |
"/docker-entrypoint.sh", | |
"nginx", | |
"-g", | |
"daemon off;" | |
], | |
"env":[ | |
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", | |
"HOSTNAME=cd121ce6649d", | |
"NGINX_VERSION=1.25.3", | |
"PKG_RELEASE=1", | |
"NJS_VERSION=0.8.2" | |
], | |
"cwd":"/", | |
"capabilities":{ | |
"bounding":[ | |
"CAP_CHOWN", | |
"CAP_DAC_OVERRIDE", | |
"CAP_FSETID", | |
"CAP_FOWNER", | |
"CAP_MKNOD", | |
"CAP_NET_RAW", | |
"CAP_SETGID", | |
"CAP_SETUID", | |
"CAP_SETFCAP", | |
"CAP_SETPCAP", | |
"CAP_NET_BIND_SERVICE", | |
"CAP_SYS_CHROOT", | |
"CAP_KILL", | |
"CAP_AUDIT_WRITE" | |
], | |
"effective":[ | |
"CAP_CHOWN", | |
"CAP_DAC_OVERRIDE", | |
"CAP_FSETID", | |
"CAP_FOWNER", | |
"CAP_MKNOD", | |
"CAP_NET_RAW", | |
"CAP_SETGID", | |
"CAP_SETUID", | |
"CAP_SETFCAP", | |
"CAP_SETPCAP", | |
"CAP_NET_BIND_SERVICE", | |
"CAP_SYS_CHROOT", | |
"CAP_KILL", | |
"CAP_AUDIT_WRITE" | |
], | |
"permitted":[ | |
"CAP_CHOWN", | |
"CAP_DAC_OVERRIDE", | |
"CAP_FSETID", | |
"CAP_FOWNER", | |
"CAP_MKNOD", | |
"CAP_NET_RAW", | |
"CAP_SETGID", | |
"CAP_SETUID", | |
"CAP_SETFCAP", | |
"CAP_SETPCAP", | |
"CAP_NET_BIND_SERVICE", | |
"CAP_SYS_CHROOT", | |
"CAP_KILL", | |
"CAP_AUDIT_WRITE" | |
] | |
}, | |
"oomScoreAdj":0 | |
}, | |
"root":{ | |
"path":"/var/lib/docker/overlay2/f24ffd606f5d804e1c8ef721db7fd98377801b9d7e83afe6f6a817ad08eefcef/merged" | |
}, | |
"hostname":"cd121ce6649d", | |
"mounts":[ | |
{ | |
"destination":"/proc", | |
"type":"proc", | |
"source":"proc", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"nodev" | |
] | |
}, | |
{ | |
"destination":"/dev", | |
"type":"tmpfs", | |
"source":"tmpfs", | |
"options":[ | |
"nosuid", | |
"strictatime", | |
"mode=755", | |
"size=65536k" | |
] | |
}, | |
{ | |
"destination":"/dev/pts", | |
"type":"devpts", | |
"source":"devpts", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"newinstance", | |
"ptmxmode=0666", | |
"mode=0620", | |
"gid=5" | |
] | |
}, | |
{ | |
"destination":"/sys", | |
"type":"sysfs", | |
"source":"sysfs", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"nodev", | |
"ro" | |
] | |
}, | |
{ | |
"destination":"/sys/fs/cgroup", | |
"type":"cgroup", | |
"source":"cgroup", | |
"options":[ | |
"ro", | |
"nosuid", | |
"noexec", | |
"nodev" | |
] | |
}, | |
{ | |
"destination":"/dev/mqueue", | |
"type":"mqueue", | |
"source":"mqueue", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"nodev" | |
] | |
}, | |
{ | |
"destination":"/dev/shm", | |
"type":"tmpfs", | |
"source":"shm", | |
"options":[ | |
"nosuid", | |
"noexec", | |
"nodev", | |
"mode=1777", | |
"size=67108864" | |
] | |
}, | |
{ | |
"destination":"/etc/resolv.conf", | |
"type":"bind", | |
"source":"/var/lib/docker/containers/cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c/resolv.conf", | |
"options":[ | |
"rbind", | |
"rprivate" | |
] | |
}, | |
{ | |
"destination":"/etc/hostname", | |
"type":"bind", | |
"source":"/var/lib/docker/containers/cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c/hostname", | |
"options":[ | |
"rbind", | |
"rprivate" | |
] | |
}, | |
{ | |
"destination":"/etc/hosts", | |
"type":"bind", | |
"source":"/var/lib/docker/containers/cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c/hosts", | |
"options":[ | |
"rbind", | |
"rprivate" | |
] | |
} | |
], | |
"hooks":{ | |
"prestart":[ | |
{ | |
"path":"/proc/2091/exe", | |
"args":[ | |
"libnetwork-setkey", | |
"-exec-root=/var/run/docker", | |
"cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c", | |
"74786362a0ae" | |
] | |
} | |
] | |
}, | |
"linux":{ | |
"sysctl":{ | |
"net.ipv4.ip_unprivileged_port_start":"0", | |
"net.ipv4.ping_group_range":"0 2147483647" | |
}, | |
"resources":{ | |
"devices":[ | |
{ | |
"allow":false, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":5, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":3, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":9, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":8, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":5, | |
"minor":0, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":5, | |
"minor":1, | |
"access":"rwm" | |
}, | |
{ | |
"allow":false, | |
"type":"c", | |
"major":10, | |
"minor":229, | |
"access":"rwm" | |
}, | |
{ | |
"allow":false, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":5, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":3, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":9, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":1, | |
"minor":8, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":5, | |
"minor":0, | |
"access":"rwm" | |
}, | |
{ | |
"allow":true, | |
"type":"c", | |
"major":5, | |
"minor":1, | |
"access":"rwm" | |
}, | |
{ | |
"allow":false, | |
"type":"c", | |
"major":10, | |
"minor":229, | |
"access":"rwm" | |
} | |
], | |
"blockIO":{ | |
} | |
}, | |
"cgroupsPath":"system.slice:docker:cd121ce6649dee2b0dfd32eae451c72bde0ce6c72dbf30a8610f72ccbd951f0c", | |
"namespaces":[ | |
{ | |
"type":"mount" | |
}, | |
{ | |
"type":"network" | |
}, | |
{ | |
"type":"uts" | |
}, | |
{ | |
"type":"pid" | |
}, | |
{ | |
"type":"ipc" | |
}, | |
{ | |
"type":"cgroup" | |
} | |
], | |
"seccomp":{ | |
"defaultAction":"SCMP_ACT_ERRNO", | |
"defaultErrnoRet":1, | |
"architectures":[ | |
"SCMP_ARCH_X86_64", | |
"SCMP_ARCH_X86", | |
"SCMP_ARCH_X32" | |
], | |
"syscalls":[ | |
{ | |
"names":[ | |
"accept", | |
"accept4", | |
"access", | |
"adjtimex", | |
"alarm", | |
"bind", | |
"brk", | |
"capget", | |
"capset", | |
"chdir", | |
"chmod", | |
"chown", | |
"chown32", | |
"clock_adjtime", | |
"clock_adjtime64", | |
"clock_getres", | |
"clock_getres_time64", | |
"clock_gettime", | |
"clock_gettime64", | |
"clock_nanosleep", | |
"clock_nanosleep_time64", | |
"close", | |
"close_range", | |
"connect", | |
"copy_file_range", | |
"creat", | |
"dup", | |
"dup2", | |
"dup3", | |
"epoll_create", | |
"epoll_create1", | |
"epoll_ctl", | |
"epoll_ctl_old", | |
"epoll_pwait", | |
"epoll_pwait2", | |
"epoll_wait", | |
"epoll_wait_old", | |
"eventfd", | |
"eventfd2", | |
"execve", | |
"execveat", | |
"exit", | |
"exit_group", | |
"faccessat", | |
"faccessat2", | |
"fadvise64", | |
"fadvise64_64", | |
"fallocate", | |
"fanotify_mark", | |
"fchdir", | |
"fchmod", | |
"fchmodat", | |
"fchown", | |
"fchown32", | |
"fchownat", | |
"fcntl", | |
"fcntl64", | |
"fdatasync", | |
"fgetxattr", | |
"flistxattr", | |
"flock", | |
"fork", | |
"fremovexattr", | |
"fsetxattr", | |
"fstat", | |
"fstat64", | |
"fstatat64", | |
"fstatfs", | |
"fstatfs64", | |
"fsync", | |
"ftruncate", | |
"ftruncate64", | |
"futex", | |
"futex_time64", | |
"futex_waitv", | |
"futimesat", | |
"getcpu", | |
"getcwd", | |
"getdents", | |
"getdents64", | |
"getegid", | |
"getegid32", | |
"geteuid", | |
"geteuid32", | |
"getgid", | |
"getgid32", | |
"getgroups", | |
"getgroups32", | |
"getitimer", | |
"getpeername", | |
"getpgid", | |
"getpgrp", | |
"getpid", | |
"getppid", | |
"getpriority", | |
"getrandom", | |
"getresgid", | |
"getresgid32", | |
"getresuid", | |
"getresuid32", | |
"getrlimit", | |
"get_robust_list", | |
"getrusage", | |
"getsid", | |
"getsockname", | |
"getsockopt", | |
"get_thread_area", | |
"gettid", | |
"gettimeofday", | |
"getuid", | |
"getuid32", | |
"getxattr", | |
"inotify_add_watch", | |
"inotify_init", | |
"inotify_init1", | |
"inotify_rm_watch", | |
"io_cancel", | |
"ioctl", | |
"io_destroy", | |
"io_getevents", | |
"io_pgetevents", | |
"io_pgetevents_time64", | |
"ioprio_get", | |
"ioprio_set", | |
"io_setup", | |
"io_submit", | |
"io_uring_enter", | |
"io_uring_register", | |
"io_uring_setup", | |
"ipc", | |
"kill", | |
"landlock_add_rule", | |
"landlock_create_ruleset", | |
"landlock_restrict_self", | |
"lchown", | |
"lchown32", | |
"lgetxattr", | |
"link", | |
"linkat", | |
"listen", | |
"listxattr", | |
"llistxattr", | |
"_llseek", | |
"lremovexattr", | |
"lseek", | |
"lsetxattr", | |
"lstat", | |
"lstat64", | |
"madvise", | |
"membarrier", | |
"memfd_create", | |
"memfd_secret", | |
"mincore", | |
"mkdir", | |
"mkdirat", | |
"mknod", | |
"mknodat", | |
"mlock", | |
"mlock2", | |
"mlockall", | |
"mmap", | |
"mmap2", | |
"mprotect", | |
"mq_getsetattr", | |
"mq_notify", | |
"mq_open", | |
"mq_timedreceive", | |
"mq_timedreceive_time64", | |
"mq_timedsend", | |
"mq_timedsend_time64", | |
"mq_unlink", | |
"mremap", | |
"msgctl", | |
"msgget", | |
"msgrcv", | |
"msgsnd", | |
"msync", | |
"munlock", | |
"munlockall", | |
"munmap", | |
"name_to_handle_at", | |
"nanosleep", | |
"newfstatat", | |
"_newselect", | |
"open", | |
"openat", | |
"openat2", | |
"pause", | |
"pidfd_open", | |
"pidfd_send_signal", | |
"pipe", | |
"pipe2", | |
"pkey_alloc", | |
"pkey_free", | |
"pkey_mprotect", | |
"poll", | |
"ppoll", | |
"ppoll_time64", | |
"prctl", | |
"pread64", | |
"preadv", | |
"preadv2", | |
"prlimit64", | |
"process_mrelease", | |
"pselect6", | |
"pselect6_time64", | |
"pwrite64", | |
"pwritev", | |
"pwritev2", | |
"read", | |
"readahead", | |
"readlink", | |
"readlinkat", | |
"readv", | |
"recv", | |
"recvfrom", | |
"recvmmsg", | |
"recvmmsg_time64", | |
"recvmsg", | |
"remap_file_pages", | |
"removexattr", | |
"rename", | |
"renameat", | |
"renameat2", | |
"restart_syscall", | |
"rmdir", | |
"rseq", | |
"rt_sigaction", | |
"rt_sigpending", | |
"rt_sigprocmask", | |
"rt_sigqueueinfo", | |
"rt_sigreturn", | |
"rt_sigsuspend", | |
"rt_sigtimedwait", | |
"rt_sigtimedwait_time64", | |
"rt_tgsigqueueinfo", | |
"sched_getaffinity", | |
"sched_getattr", | |
"sched_getparam", | |
"sched_get_priority_max", | |
"sched_get_priority_min", | |
"sched_getscheduler", | |
"sched_rr_get_interval", | |
"sched_rr_get_interval_time64", | |
"sched_setaffinity", | |
"sched_setattr", | |
"sched_setparam", | |
"sched_setscheduler", | |
"sched_yield", | |
"seccomp", | |
"select", | |
"semctl", | |
"semget", | |
"semop", | |
"semtimedop", | |
"semtimedop_time64", | |
"send", | |
"sendfile", | |
"sendfile64", | |
"sendmmsg", | |
"sendmsg", | |
"sendto", | |
"setfsgid", | |
"setfsgid32", | |
"setfsuid", | |
"setfsuid32", | |
"setgid", | |
"setgid32", | |
"setgroups", | |
"setgroups32", | |
"setitimer", | |
"setpgid", | |
"setpriority", | |
"setregid", | |
"setregid32", | |
"setresgid", | |
"setresgid32", | |
"setresuid", | |
"setresuid32", | |
"setreuid", | |
"setreuid32", | |
"setrlimit", | |
"set_robust_list", | |
"setsid", | |
"setsockopt", | |
"set_thread_area", | |
"set_tid_address", | |
"setuid", | |
"setuid32", | |
"setxattr", | |
"shmat", | |
"shmctl", | |
"shmdt", | |
"shmget", | |
"shutdown", | |
"sigaltstack", | |
"signalfd", | |
"signalfd4", | |
"sigprocmask", | |
"sigreturn", | |
"socketcall", | |
"socketpair", | |
"splice", | |
"stat", | |
"stat64", | |
"statfs", | |
"statfs64", | |
"statx", | |
"symlink", | |
"symlinkat", | |
"sync", | |
"sync_file_range", | |
"syncfs", | |
"sysinfo", | |
"tee", | |
"tgkill", | |
"time", | |
"timer_create", | |
"timer_delete", | |
"timer_getoverrun", | |
"timer_gettime", | |
"timer_gettime64", | |
"timer_settime", | |
"timer_settime64", | |
"timerfd_create", | |
"timerfd_gettime", | |
"timerfd_gettime64", | |
"timerfd_settime", | |
"timerfd_settime64", | |
"times", | |
"tkill", | |
"truncate", | |
"truncate64", | |
"ugetrlimit", | |
"umask", | |
"uname", | |
"unlink", | |
"unlinkat", | |
"utime", | |
"utimensat", | |
"utimensat_time64", | |
"utimes", | |
"vfork", | |
"vmsplice", | |
"wait4", | |
"waitid", | |
"waitpid", | |
"write", | |
"writev" | |
], | |
"action":"SCMP_ACT_ALLOW" | |
}, | |
{ | |
"names":[ | |
"process_vm_readv", | |
"process_vm_writev", | |
"ptrace" | |
], | |
"action":"SCMP_ACT_ALLOW" | |
}, | |
{ | |
"names":[ | |
"socket" | |
], | |
"action":"SCMP_ACT_ALLOW", | |
"args":[ | |
{ | |
"index":0, | |
"value":40, | |
"op":"SCMP_CMP_NE" | |
} | |
] | |
}, | |
{ | |
"names":[ | |
"personality" | |
], | |
"action":"SCMP_ACT_ALLOW", | |
"args":[ | |
{ | |
"index":0, | |
"value":0, | |
"op":"SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names":[ | |
"personality" | |
], | |
"action":"SCMP_ACT_ALLOW", | |
"args":[ | |
{ | |
"index":0, | |
"value":8, | |
"op":"SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names":[ | |
"personality" | |
], | |
"action":"SCMP_ACT_ALLOW", | |
"args":[ | |
{ | |
"index":0, | |
"value":131072, | |
"op":"SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names":[ | |
"personality" | |
], | |
"action":"SCMP_ACT_ALLOW", | |
"args":[ | |
{ | |
"index":0, | |
"value":131080, | |
"op":"SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names":[ | |
"personality" | |
], | |
"action":"SCMP_ACT_ALLOW", | |
"args":[ | |
{ | |
"index":0, | |
"value":4294967295, | |
"op":"SCMP_CMP_EQ" | |
} | |
] | |
}, | |
{ | |
"names":[ | |
"arch_prctl" | |
], | |
"action":"SCMP_ACT_ALLOW" | |
}, | |
{ | |
"names":[ | |
"modify_ldt" | |
], | |
"action":"SCMP_ACT_ALLOW" | |
}, | |
{ | |
"names":[ | |
"clone" | |
], | |
"action":"SCMP_ACT_ALLOW", | |
"args":[ | |
{ | |
"index":0, | |
"value":2114060288, | |
"op":"SCMP_CMP_MASKED_EQ" | |
} | |
] | |
}, | |
{ | |
"names":[ | |
"clone3" | |
], | |
"action":"SCMP_ACT_ERRNO", | |
"errnoRet":38 | |
}, | |
{ | |
"names":[ | |
"chroot" | |
], | |
"action":"SCMP_ACT_ALLOW" | |
} | |
] | |
}, | |
"maskedPaths":[ | |
"/proc/asound", | |
"/proc/acpi", | |
"/proc/kcore", | |
"/proc/keys", | |
"/proc/latency_stats", | |
"/proc/timer_list", | |
"/proc/timer_stats", | |
"/proc/sched_debug", | |
"/proc/scsi", | |
"/sys/firmware", | |
"/sys/devices/virtual/powercap" | |
], | |
"readonlyPaths":[ | |
"/proc/bus", | |
"/proc/fs", | |
"/proc/irq", | |
"/proc/sys", | |
"/proc/sysrq-trigger" | |
] | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment